Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities

Amazon Threat Intelligence reports Russian GRU hackers are increasingly breaking into critical infrastructure by abusing misconfigured devices instead of exploiting software vulnerabilities...

CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...

WiFi-Pineapple-MK7_REST-Client - WiFi Hacking Workflow With WiFi Pineapple Mark VII API

PINEAPPLE MARK VII REST CLIENT The leading rogue access point and WiFi pentest toolkit for close access operations. Passive and active attacks analyze vulnerable and misconfigured devices. https://hak5.org/collections/sale/products/wifi-pineapple Author :: TW-D Version :: 1.3.7 Copyright ::...

Feds Take Down 13 More DDoS-for-Hire Services

The U.S. Federal Bureau of Investigation FBI this week seized 13 domain names connected to "booter" services that let paying customers launch crippling distributed denial-of-service DDoS attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Trustpoint Configuration Defaults

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software can be configured for certificate authentication in remote access VPN deployments. An external researcher has identified several misconfigured Cisco ASA and FTD Software remote access devices where the...